Last Attempt 350-701 Questions

 A security application that notifies a controller within a software-defined network architecture about a specific security threat is using a northbound API. A northbound API is an interface that enables communication between the SDN controller and the applications or management systems that use the network services1. A security application can use a northbound API to send alerts, requests, or commands to the SDN controller, which can then take appropriate actions on the network devices or policies2. For example, a security application can use a northbound API to inform the SDN controller about a malicious traffic pattern, and the SDN controller can then block or redirect the traffic using a southbound API3.

 1: What is Software-Defined Networking (SDN)? | VMware Glossary 2: Intent-Based Networking’s Next Evolution: The DNA Center Platform - Cisco Blogs 3: Cisco SDN Security: Securing the Software Defined Network - Cisco

The correct command to configure the new router to use 192.168.1.110 as its primary time source without the new router attempting to offer time to existing devices is ntp server 192.168.1.110 key 1 prefer. This command specifies that the new router will act as an NTP client and synchronize its time with the NTP server at 192.168.1.110, using the authentication key 1 and giving preference to this server over other possible servers. The prefer keyword indicates that this server is preferred over other servers with the same stratum number. The ntp server command is different from the ntp peer command, which configures the new router to act as an NTP peer and exchange time information with another NTP device. A peer relationship is bidirectional and symmetric, meaning that both devices can provide and receive time information from each other. A client-server relationship is unidirectional and asymmetric, meaning that the client only receives time information from the server and does not provide any time information to the server. Therefore, the ntp peer command is not suitable for the scenario, as it would make the new router attempt to offer time to existing devices, which is not desired. The primary keyword is not a valid option for either the ntp server or the ntp peer command, and it would cause a syntax error. References :=

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 1: Security Concepts, Lesson 1.3: Network Time Protocol

Configuring NTP - Cisco, Configuring NTP on the Switch, Configuring NTP in Client Mode

NTP Commands - Cisco, ntp server, ntp peer

Explanation

Umbrella Roaming is a cloud-delivered security service for Cisco’s next-generation firewall. It protects your employees even when they are off the VPN.

Explanation

Explanation

Other features are dependent on SSL Decryption functionality, which requires the Cisco Umbrella root

certificate. Having the SSL Decryption feature improves:

Custom URL Blocking—Required to block the HTTPS version of a URL.

…

Umbrella’s Block Page and Block Page Bypass features present an SSL certificate to browsers that make

connections to HTTPS sites. This SSL certificate matches the requested site but will be signed by the Cisco Umbrella certificate authority (CA). If the CA is not trusted by your browser, an error page may be displayed.

Typical errors include “The security certificate presented by this website was not issued by a trusted certificate authority” (Internet Explorer), “The site’s security certificate is not trusted!” (Google Chrome) or “This

Connection is Untrusted” (Mozilla Firefox). Although the error page is expected, the message displayed can be confusing and you may wish to prevent it from appearing.

To avoid these error pages, install the Cisco Umbrella root certificate into your browser or the browsers of your users—if you’re a network admin.